Sterling Rope Co. Hit by Rhysida Ransomware: Data Release Threatened

Incident Date: August 16, 2024


Overview

Victim: Sterling Rope Co.

Attacker: Rhysida

Location: Biddeford, Maine, USA

First Reported: August 16, 2024

Ransomware Attack on Sterling Rope Co. by Rhysida Group

Sterling Rope Company, a leading manufacturer of high-performance ropes and life-safety products based in Biddeford, Maine, has fallen victim to a ransomware attack by the Rhysida Ransomware Group. The attack was publicly claimed by Rhysida on their dark web leak site, where they have threatened to release the company's data within 6-7 days, posting sample screenshots as proof.

About Sterling Rope Company

Founded in 1992, Sterling Rope Company specializes in the design and manufacturing of high-quality ropes and related products for various industries, including climbing, rescue, arboriculture, and tactical applications. The company is renowned for its commitment to safety and performance, producing ropes that meet stringent industry standards. Sterling Rope's innovative technologies, such as their proprietary XEROS technology, enhance the durability and environmental friendliness of their products. The company also emphasizes sustainability, operating its manufacturing plant on 100% renewable energy and maintaining a rigorous recycling program.

Attack Overview

The Rhysida Ransomware Group has claimed responsibility for the attack on Sterling Rope, threatening to release sensitive company data unless a ransom is paid. The attackers have already posted sample screenshots of the exfiltrated data on their dark web portal. This incident highlights the vulnerabilities that even well-established companies in the manufacturing sector face from sophisticated cyber threats.

About Rhysida Ransomware Group

First sighted in May 2023, the Rhysida Ransomware Group has quickly made a name for itself by targeting sectors such as education, healthcare, manufacturing, information technology, and government. The group employs a double extortion technique, stealing data before encrypting it and threatening to publish it unless a ransom is paid. Rhysida ransomware is written in C++ and targets Windows operating systems, using the ChaCha20 encryption algorithm. The group typically deploys the ransomware through phishing campaigns and leverages valid credentials to establish network connections via VPN.

Penetration and Impact

Rhysida's attack on Sterling Rope likely involved leveraging valid credentials to gain initial access, followed by the use of tools like Advanced IP/Port Scanner to enumerate the victim's environment. The group then employed Sysinternals tools like PsExec for lateral movement and ransomware deployment. The attack underscores the importance of strong cybersecurity measures, as even companies with established reputations for innovation and quality can be vulnerable to sophisticated cyber threats.
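
The scanner-then-PsExec sequence described above can be hunted for in Windows event data. The following is an added example, not part of the original report: the event records are constructed, and the scanner file names, the two-hour window and the host threshold are assumptions.

```python
from datetime import datetime, timedelta

# Assumed default executable names for the two scanners; PsExec's default service name.
SCANNERS = {"advanced_ip_scanner.exe", "advanced_port_scanner.exe"}
PSEXEC_SERVICE = "psexesvc"

# Constructed sample records (not from the incident): 4688 = process creation,
# 7045 = service installed.
EVENTS = [
    {"time": "2024-01-08T14:02:00", "host": "HELPDESK-2", "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2024-01-10T01:12:00", "host": "WS-014", "event_id": 4688,
     "image": r"C:\Users\Public\advanced_ip_scanner.exe"},
    {"time": "2024-01-10T01:40:00", "host": "FS-01", "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2024-01-10T01:47:00", "host": "DC-01", "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2024-01-10T01:50:00", "host": "DC-01", "event_id": 7045, "service": "WinDefend"},
    {"time": "2024-01-10T02:05:00", "host": "APP-03", "event_id": 7045, "service": "psexesvc"},
    {"time": "2024-01-12T09:00:00", "host": "WS-020", "event_id": 4688,
     "image": r"C:\Tools\Advanced_Port_Scanner.exe"},
    {"time": "2024-01-12T09:30:00", "host": "WS-021", "event_id": 7045, "service": "PSEXESVC"},
]

def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def _when(event):
    return datetime.fromisoformat(event["time"])

def scan_then_psexec(events, window=timedelta(hours=2), min_hosts=2):
    """Flag scanner runs followed within `window` by PSEXESVC installs on
    at least `min_hosts` distinct hosts (both thresholds are assumptions)."""
    scans = [e for e in events
             if e["event_id"] == 4688 and _basename(e.get("image", "")) in SCANNERS]
    installs = [e for e in events
                if e["event_id"] == 7045 and e.get("service", "").lower() == PSEXEC_SERVICE]
    findings = []
    for scan in sorted(scans, key=_when):
        start = _when(scan)
        targets = sorted({i["host"] for i in installs
                          if start <= _when(i) <= start + window})
        if len(targets) >= min_hosts:
            findings.append({"scan_host": scan["host"], "scan_time": scan["time"],
                             "psexec_targets": targets})
    return findings

if __name__ == "__main__":
    for finding in scan_then_psexec(EVENTS):
        print(finding)
```

PsExec's `-r` option lets the operator rename the remote service, so the absence of a PSEXESVC install does not rule out PsExec use; the isolated help-desk install in the sample data shows why a single PSEXESVC event on its own is not flagged.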
